Friday, June 10, 2011

Citi Data Theft Points Up a Nagging Problem - NYTimes.com

New realities in data security

“We’re not dealing with 14-year-old hacker kids,” said Steve Elefant, the chief information officer at Heartland Payment Systems, which overhauled its security measures after the systems it used to process credit and debit card transactions were hacked in 2008. “We’re talking about 21st-century bank robbers — sophisticated, organized criminal gangs, located mostly in Eastern Europe and the U.S.”

Making matters worse, nearly every step along the payment chain is outsourced from the time a card is swiped to the time a monthly statement arrives, leaving plenty of openings for enterprising thieves. Security is further hampered by a patchwork of data protection laws and regulatory agencies, each with limited mandates.